Lucene search

[email protected]NVD:CVE-2018-16498

HistoryMay 26, 2021 - 7:15 p.m.

CVE-2018-16498

2021-05-2619:15:08

CWE-312

[email protected]

web.nvd.nist.gov

versa director

unencrypted backup files

credentials

configuration files

snmp

ssl

trust keystores

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.

Affected configurations

Nvd

Node

versa-networksversa_directorMatch-

VendorProductVersionCPE
versa-networksversa_director-cpe:2.3:a:versa-networks:versa_director:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
versa-networks	versa_director	-	cpe:2.3:a:versa-networks:versa_director:-:::::::*

References

hackerone.com/reports/1168195

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2018-16498

hackerone1 prion1 cvelist1 cve1